GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Wed Mar 19, 2008 11:26 pm Post subject: [ GLSA 200803-29 ] ViewVC: Multiple vulnerabilities
Gentoo Linux Security Advisory
Title: ViewVC: Multiple vulnerabilities (GLSA 200803-29)
Severity: normal
Exploitable: remote
Date: March 19, 2008
Updated: April 01, 2009
Bug(s): #212288
ID: 200803-29
Synopsis
Multiple security issues have been reported in ViewVC, which can be
exploited by malicious people to bypass certain security restrictions.
Background
ViewVC is a browser interface for CVS and Subversion version control
repositories.
Affected Packages
Package: www-apps/viewvc
Vulnerable: < 1.0.5
Unaffected: >= 1.0.5
Architectures: All supported architectures
Description
Multiple unspecified errors were reportedly fixed by the ViewVC
development team.
Impact
A remote attacker could send a specially crafted URL to the server to
list CVS or SVN commits on "all-forbidden" files, access hidden CVSROOT
folders, and view restricted content via the revision view, the log
history, or the diff view.
Workaround
There is no known workaround at this time.
Resolution
All ViewVC users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/viewvc-1.0.5"
References
CVE-2008-1290
CVE-2008-1291
CVE-2008-1292
Last edited by GLSA on Thu Jun 17, 2010 4:26 am; edited 5 times in total